
How can I get rid of this nasty virus? - Page 3

post #21 of 85
Quote:
Originally Posted by ComradeNF View Post
My friend's mom recently had her debit card hacked into and the hacker charged $550 to it. She buys a lot of things online with the debit card so that could be the reason why, but I decided to take a look at it when I was at their house today.

The laptop is pretty old, around 6 years old, and it has Windows XP on it. They had Norton installed and they told me not to remove it because apparently Norton is the best (sad, I know). I finally persuaded them to remove it and I installed Malwarebytes, SuperAntiSpyware, and Avast. Avast found ~150 viruses and successfully removed them. However, whenever I scanned with Malwarebytes and SuperAntiSpyware I always got these 8 viruses called Rootkits which it just couldn't remove. It said they would be removed, but when you restarted the PC they reappeared. All the other viruses were deleted though.

I tried various methods and I can't seem to remove them. Anyone know any way to remove them?

What exactly is a rootkit and what threats does it pose?
Rootkits are nasty; some cannot be detected at all without doing timing and statistical analysis on running processes. A simple rootkit will intercept O/S system calls and manage the process table/device drivers. Output will be managed to show only the activity that the rootkit wants the users to see.

If you want to learn more about rootkits, see rootkit.com - it has samples of various rootkits.

I would suggest copying the family pictures to a USB passport drive and DBANing the hard drive. Re-install the O/S, install Norton (yeah, it is not the best, but better than most), update with patches, scan the passport USB drive and re-copy the files. Also partition the hard drive into two separate partitions, one for the O/S and one for stuff.

post #22 of 85
Quote:
Originally Posted by UsedPaperclip View Post
Run Malwarebytes and Combofix. That will get rid of pretty much anything. Combofix will get rid of those pita rootkits Malwarebytes won't.

Combofix
http://www.bleepingcomputer.com/down...virus/combofix
How to use it.
http://www.bleepingcomputer.com/comb...o-use-combofix

If they don't work, you can always do a Windows repair on Windows XP with the XP CD. If you need help with that, just PM me.
I doubt this would work, as most rootkits can easily avoid anti-malware/anti-virus software.
post #23 of 85
Quote:
Originally Posted by Dorianime View Post
Do not reformat!

Have you tried Kaspersky?

Man, I accidentally closed this tab and had a hard time finding it lol

Kaspersky did the trick for removing viruses that would reappear at bootup.

Had a bad case that only kept adding more viruses before...
Yup, Kaspersky is pretty good at removing fake anti-virus programs/malware.

Rootkits are different and much harder to remove, as they integrate with the O/S.
post #24 of 85
Isn't TDSS Killer made to remove rootkits?

I've never used it, but maybe give it a go.

http://support.kaspersky.com/viruses/utility
Edited by Wheezo - 8/5/11 at 7:27pm
post #25 of 85
Quote:
Originally Posted by ComradeNF View Post
No it isn't. It barely detected any of the viruses when I scanned with Norton.

Also, @ above poster, can you install Ubuntu Linux on another partition and access the folders from your windows partition? If so, that could be an option. I hope Ubuntu is under 20GB though since that is all they have.
This works, but it is easier to just copy the files to a passport drive and wipe (I do mean WIPE, like a DOD 8-pass WIPE with alternating bit patterns, DBAN).

Reinstall the O/S, patch, install anti-virus software.
Create a restrictive user, scan the passport drive with multiple tools and copy the files over.
post #26 of 85
Quote:
Originally Posted by Wheezo View Post
Isn't TDSS Killer made to remove rootkits?

I've never used it, but maybe give it a go.

http://support.kaspersky.com/faq/?qid=208283363
Yes, it removes very simple rootkits that were derived from the source code on rootkit.com.

If it is one of the rootkits I am aware of that has an integrated keystroke logger and some other features, that defeats TDSS.

The problem with rootkits is that you never really know if it is removed and deactivated, as the rootkit may be managing the removal tool.
post #27 of 85
Quote:
Originally Posted by Kmon View Post
Rootkits are nasty; some cannot be detected at all without doing timing and statistical analysis on running processes. A simple rootkit will intercept O/S system calls and manage the process table/device drivers. Output will be managed to show only the activity that the rootkit wants the users to see.

If you want to learn more about rootkits, see rootkit.com - it has samples of various rootkits.

I would suggest copying the family pictures to a USB passport drive and DBANing the hard drive. Re-install the O/S, install Norton (yeah, it is not the best, but better than most), update with patches, scan the passport USB drive and re-copy the files. Also partition the hard drive into two separate partitions, one for the O/S and one for stuff.

A rootkit is a software system containing one or more programs designed to show no indication that a system has been compromised. A rootkit is used to replace essential system executables, which can then conceal processes and files installed by the attacker as well as the rootkit itself. A rootkit's intention is to control the operating system. Rootkits obscure their presence on the system by evading standard operating system security mechanisms.

Rootkits can also be trojans, tricking the user into thinking they can be safely run on their systems. This can be achieved by concealing running processes from monitoring programs, or by hiding files or system data from the operating system. Rootkits are also capable of installing a "back door" in a system by replacing the login mechanism (such as /bin/login) with an executable that accepts a secret login combination, allowing the system to be accessed by an attacker, even if changes are made to the actual accounts on the system.

Originally, rootkits may have been normal applications, designed to take control of a faulty or unresponsive system, but more recently they have been produced as malware allowing attackers to gain access to systems undetected. Rootkits exist for a variety of operating systems, such as Microsoft Windows, Linux, Mac OS, and Solaris. Rootkits often install themselves as drivers or kernel modules, or modify parts of the operating system, depending on the internal elements of an operating system's mechanisms.
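The two posts above (Kmon's note that some rootkits need analysis of running processes to spot, and the definition of a rootkit as something that conceals processes from monitoring programs) describe the idea behind "cross-view" rootkit detection: enumerate processes through several independent paths and flag anything that one path reports but another omits. The script below is an added illustration, not code from this thread or from any of the tools mentioned (TDSSKiller, Combofix, Malwarebytes). The process snapshots in it are constructed, the view names (`api_list`, `pid_probe`, `kernel_list`) are hypothetical labels for three enumeration paths, and pid 1337 is a made-up concealed process. It also handles the usual false positive of this technique, a process that started or exited between two snapshots, by confirming findings across two rounds.

```python
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class Proc:
    """One running process as reported by a single enumeration path."""
    pid: int
    name: str


def cross_view_diff(views: dict[str, set[Proc]]) -> dict[Proc, list[str]]:
    """Compare several independent process listings ("views").

    Returns every process that at least one view reports but another omits,
    mapped to the names of the views it is missing from. On a clean system
    all views agree and the result is empty. A user-mode rootkit that hooks
    only the documented listing API leaves the other views untouched, so its
    hidden process shows up here as "missing from api_list".
    """
    everything: set[Proc] = set().union(*views.values())
    findings: dict[Proc, list[str]] = {}
    for proc in sorted(everything, key=lambda p: p.pid):
        missing = [name for name, seen in views.items() if proc not in seen]
        if missing:
            findings[proc] = missing
    return findings


def confirm_across_rounds(first: dict[Proc, list[str]],
                          second: dict[Proc, list[str]]) -> dict[Proc, list[str]]:
    """Keep only discrepancies that recur in a second round of snapshots.

    Views are taken one after another, so a process that exits (or starts)
    between two of them is missing from some views in one round only. That is
    a race, not concealment; a genuinely hidden process is missing from the
    same views every time.
    """
    return {proc: miss for proc, miss in first.items() if second.get(proc) == miss}


def report(findings: dict[Proc, list[str]]) -> list[str]:
    """Render findings as one line per suspicious process."""
    return [f"pid {p.pid} ({p.name}) hidden from: {', '.join(miss)}"
            for p, miss in findings.items()]


# Constructed snapshots (not output from any real tool).
BASE = {Proc(4, "System"), Proc(612, "csrss.exe"),
        Proc(1184, "explorer.exe"), Proc(2040, "AvastSvc.exe")}
HIDDEN = Proc(1337, "svchost.exe")      # hypothetical process concealed by a rootkit
TRANSIENT = Proc(3000, "notepad.exe")   # exited while round 1 was being collected

ROUND1 = {
    "api_list": BASE | {TRANSIENT},     # documented listing API (the hooked path)
    "pid_probe": BASE | {HIDDEN},       # opening every pid directly
    "kernel_list": BASE | {HIDDEN},     # walking the kernel's own process list
}
ROUND2 = {
    "api_list": BASE,
    "pid_probe": BASE | {HIDDEN},
    "kernel_list": BASE | {HIDDEN},
}


def confirmed_findings() -> dict[Proc, list[str]]:
    """Run both rounds over the constructed snapshots and keep what recurs."""
    return confirm_across_rounds(cross_view_diff(ROUND1), cross_view_diff(ROUND2))


if __name__ == "__main__":
    print("round 1 alone:")
    for line in report(cross_view_diff(ROUND1)):
        print("  " + line)
    print("confirmed across rounds:")
    for line in report(confirmed_findings()):
        print("  " + line)
```

Round 1 alone flags both the concealed process and the transient notepad; only the concealed one survives confirmation. On a real machine the three views would come from different mechanisms (the normal process API, probing each pid individually, and a kernel-level walk), which is exactly why, as the thread notes, a rootkit that controls the kernel can also lie to the detector.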
post #28 of 85
Quote:
Originally Posted by Kmon View Post
This works but it is easier to just copy the files to a passport drive and wipe (I do mean Wipe LIKE DOD 8 passes WIPE alternating bit patterns DBAN)

Reinstall O/S, patch, install Anti-virus software
Create a restictive user and scan the passport drive with multiple tools and copy files over.
What's the name of the malware btw?
post #29 of 85
Can't you just blow away the operating system?
post #30 of 85
Quote:
Originally Posted by Wheezo View Post
Isn't TDSS Killer made to remove rootkits?

I've never used it, but maybe give it a go.

http://support.kaspersky.com/viruses/utility
Yes it is. Has anyone IDed the malware by any chance? Or do you all hope a specialized rootkit cleaner is going to tell you its name and how it got through?
http://www.overclock.net/networking-...ide.html#links